‘Bring on the bugs’: SpaceX will pay you up to $25,000 to hack Starlink
Someone hacked Elon Musk’s Starlink internet satellite network using a $25 homemade device, but don’t worry, they’re cool with it.
In fact, Starlink, which is a division of rocket-ship company SpaceX, is encouraging people to hack its system and suss out its security issues through a bug bounty program.
“Starlink welcomes security researchers (bring on the bugs),” the company wrote last week, announcing the hack.
The company made the announcement shortly after Lennert Wouters, a security researcher, said he hacked into Starlink and presented his findings at the Black Hat security conference in Las Vegas on Aug. 10.
Tech companies have a long history of offering bounties for successful hacking. That’s because they can then fix the bugs that well-meaning hackers find, rather than have those bugs exploited in future by people with worse intentions.
Starlink offers rewards up to $25,000 to researchers who report vulnerabilities they’ve discovered through “nondisruptive” testing, which means any testing that does not affect user service or attacks on the infrastructure as a whole. SpaceX lists the average payout within the past three months as $973.
SpaceX did not immediately respond to Fortune’s request for comment.
Last week, Wouters said his attacks on Starlink were performed within the scope of the company’s bug bounty program, and he disclosed his hack to them. The hacking tool he developed was a custom circuit board known as “modchip,” and it was created using $25 worth of parts, according to Wired.
Although it was made public only recently, Wouters told Starlink about its vulnerabilities last year, and was paid for identifying them through the bug bounty program, according to Wired.
SpaceX referred to the attack as technically impressive, and the first of its kind that the company is aware of.
“Normal Starlink users do not need to be worried about this attack affecting them, or take any action in response,” SpaceX wrote.
The company said it uses multiple defense layers to provide protection, so that if one layer is compromised there are others behind it that will work to control the problem.
Still, that doesn’t mean there won’t be future attacks with all kinds of motives, including stealing user information and data.
“We are going to sell a lot of Starlink kits (that’s our business!),” the company said. “So we have to assume some of those kits will go to people who want to attack the system.”